The present invention relates generally to communication between two computing devices. More specifically, the present invention relates to a cryptographic technique for preventing a replay attack during such communication.
During communication between two computing devices, it is always possible that an unscrupulous third party that is unauthorized may listen to the communication, may tamper with the communication, or may attempt to send spurious communications of its own. One particular attempt at fraud in the communications field is known as a xe2x80x9creplay attack.xe2x80x9d
FIG. 1 illustrates a prior art arrangement 100 that illustrates a replay attack. Shown is a client computer 102 communicating with a server computer 104 over any suitable known communication medium 106. In the course of this communication, client 102 sends operation message 108 to server computer 104. Message 108 may or may not be encrypted and may or may not be part of a secure session. In this illustration, an unscrupulous third party 110 uses any suitable means to detect the transmission of operation message 108 from client 102 to server 104. Because third party 110 detects message 108 in its entirety and is not seeking to understand message 108, it is irrelevant to third party 110 whether the message is encrypted or not.
As part of the replay attack, third party 210 takes message 108 captured earlier and resends it at a later time to server computer 104 which may be unaware that message 108 is coming from a third party. If the replay attack is implemented successfully the server will believe that message 108 is coming from client 102 when actually it is being transmitted by third party 110. Because server 104 is unaware of the origin of the message, it may perform the operation present in the message unaware that the message did not come from client 102. Depending upon the content of operation message 108, the results of server 104 performing this operation again may have disastrous results. For example, message 108 might be a command to delete particular data, modify data, increment a user""s balance by particular amount, disgorge funds electronically, release sensitive information, etc.
Even if client 102 and server 104 had used sophisticated encryption to encrypt message 108 the server will be unaware that the message from the third party is bogus because the third party has replayed message 108 in it entirety and in its encrypted form. The illicit benefit received by third party 110 would not be the understanding of message 108, but the consequences of the operation performed by server 104 when it receives message 108 once again.
Accordingly, what is desired is a system and technique by which a replay attack during communication between computing devices may be prevented.
A replay attack prevention technique is disclosed that uses a secret algorithm exchanged between client and servers computers. The algorithm is used to periodically alter a special replay key. The replay key may then be used to alter the message sent or alter the digest appended to the message such that the message and or its digest varies as time progresses. An unscrupulous third party who replays a stolen operation message would be unaware of the replay key and its variation. Any stolen message that is replayed by the third party would not include the time varying aspect as expected by the server computer. The server computer would thus be able to detect the attempted fraud.
Preferably, the client and server exchange the secret algorithm before communication begins. The secret replay key may be exchanged at the beginning of the communication session in an encrypted form, or may be exchanged earlier. Because the replay key preferably never appears along with the message, and because the digest cannot be used to discover the replay key, the replay key is kept secret from third parties.
In a system embodiment of the invention, a client computing device and a server computing device communicate over a transmission medium. The client includes a message to be sent to the server over the transmission medium, a cryptographic key, and an alteration algorithm. The alteration algorithm is used to periodically change the cryptographic key, whereby a value to be appended to the message is periodically changed. The server receives the message and the appended value from the client. The server includes the same cryptographic key as in the client, and the same alteration algorithm. Thus, the server may calculate its own version of the value to compare with the received value from the client. A replay attack is prevented because a third party has neither the key or algorithm.
In a variation on this embodiment, the value is a digest calculated from the message using the cryptographic key. In this variation, the server has its own version of the digest calculated from the received message using the cryptographic key. In another embodiment, any number of alteration algorithms are held by the client and server along with an algorithm identifier that identifies which algorithm to be used for a particular transmission.